I’m working on a client DNN site accessed exclusively over https. ‘SSL Enabled?’ is checked in Site Settings, and nowhere on the site do you get the message:

“This page contains both secure and nonsecure items. Do you want to display the nonsecure items?”

…suggesting that everything is correctly accessed over https.

In spite of this a minority of users get the following message when moving between pages:

“The current site is trying to open a site in your Trusted sites list. Do you want to allow this?

Current site: http://<my site>
Trusted site: https://<my site>”

(in spite of the page URLs all showing in their browsers as ‘https://…’)

I am aware a work around would be to change their IE security settings to Enable ‘Websites in less privileged web content zone can navigate into this zone’ for ‘Trusted Sites’ but changing this is not an option for the affected users.

My question: why does IE seem in some cases to regard the pages of this site as being accessed over http when the requests are to https and there are no warnings relating to ‘nonsecure’ items?
 
A clue perhaps - When I check the ‘SSL Enforced’ option on any page of the site the page then posts back to itself in a loop making it inaccessible.

Any ideas/suggestions would be gratefully received!

Thanks in advance

Alternative hosting not an option!

Have started a new thread on the specifics of this problem: Issue with SSL offloading upstream of the DNN web server